0
votes

I am using the cancan gem with Rails 3. Here I have the same login form for all roles. I have an admin section. Normal authentication checks whether the user is logged in or not, but does not check whether his role is admin or not.

So a normal user can see admin pages using the admin URL (myapp/com/admin/users). How do I authenticate?

Thanks, Prasad


1 Answer

2
votes

As far as I know, CanCan is not for authentication but for authorization.

Use something like the Devise gem for authentication, and CanCan's Ability class to enforce authorization.

You can also manually check if a user is permitted to perform an action using a before_filter hook.
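Sketch of the role check the answer describes, written as an added example (not code from the question, the answer, or the CanCan project): the Ability class mimics the `can` / `can?` subset of CanCan's DSL so it runs without Rails or the gem, and `admin_users_index` plays the role of a before_filter guard on the admin users page. The `User` struct and the role names are assumptions.

```ruby
# Added example: a plain-Ruby model of the CanCan pattern the answer
# describes. CanCan is not loaded, so this Ability class re-implements the
# small `can` / `can?` subset it needs; in a real app you would inherit
# from CanCan::Ability and keep only the initialize body.
User = Struct.new(:name, :role) do
  def admin?
    role == :admin
  end
end

class Ability
  def initialize(user)
    @rules = []
    # Being signed in grants nothing on the admin area by itself.
    can :read, :public_page
    # Only the admin role may manage users. This is the check that a
    # login-only authentication layer (the question's situation) lacks.
    can :manage, :user if user&.admin?
  end

  # Record a rule; :manage matches every action, :all every subject
  # (same semantics as the CanCan DSL).
  def can(action, subject)
    @rules << [action, subject]
  end

  def can?(action, subject)
    @rules.any? do |a, s|
      (a == :manage || a == action) && (s == :all || s == subject)
    end
  end
end

# Stand-in for a controller before_filter guarding /admin/users. It returns
# a symbolic outcome instead of redirecting so the decision is testable:
# anonymous -> login, signed in but not admin -> denied, admin -> page.
def admin_users_index(current_user)
  return :redirect_to_login if current_user.nil?      # authentication (Devise's job)
  ability = Ability.new(current_user)
  return :access_denied unless ability.can?(:index, :user)  # authorization (CanCan's job)
  :render_users
end
```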